CVE-2018-1064 - OpenCVE

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Redhat	Libvirt

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 2 [-]

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1396
https://access.redhat.com/errata/RHSA-2018:1929
https://bugzilla.redhat.com/show_bug.cgi?id=1550672	Issue Tracking Patch Third Party Advisory
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/3680-1/
https://www.debian.org/security/2018/dsa-4137	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-03-14T00:00:00

Updated: 2018-06-19T09:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1064

JSON object: View

NVD Information

Status : Modified

Published: 2018-03-28T18:29:00.207

Modified: 2023-11-07T02:55:48.220

Link: CVE-2018-1064

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "libvirt", "vendor": "libvirt", "versions": [{"status": "affected", "version": "before 4.2.0-rc1"}]}], "datePublic": "2018-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-19T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3680-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3680-1/"}, {"name": "RHSA-2018:1396", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1396"}, {"name": "DSA-4137", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4137"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"}, {"name": "RHSA-2018:1929", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1929"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"}, {"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-14T00:00:00", "ID": "CVE-2018-1064", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libvirt", "version": {"version_data": [{"version_value": "before 4.2.0-rc1"}]}}]}, "vendor_name": "libvirt"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "USN-3680-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3680-1/"}, {"name": "RHSA-2018:1396", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1396"}, {"name": "DSA-4137", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4137"}, {"name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513", "refsource": "CONFIRM", "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"}, {"name": "RHSA-2018:1929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1929"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"}, {"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1315-1] libvirt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1064", "datePublished": "2018-03-14T00:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-06-19T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF48B60B-606F-47E7-9469-464B3A10EFFE", "versionEndIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent."}, {"lang": "es", "value": "libvirt, en versiones anteriores a la 4.2.0-rc1 es vulnerable a un agotamiento de recursos como resultado de una soluci\u00f3n incompleta para CVE-2018-5748 que afecta al monitor QEMU, pero que ahora tambi\u00e9n puede desencadenarse mediante el agente invitado de QEMU."}], "id": "CVE-2018-1064", "lastModified": "2023-11-07T02:55:48.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-28T18:29:00.207", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1396"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1929"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550672"}, {"source": "secalert@redhat.com", "url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3680-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4137"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}